Ipv6 acl is not working as expected, if the ipv6 address of domain is unrouteable and it fallbacks to ipv4 even when its denied.
Details : What I am trying to achieve : I want to disable all IPv4 domain access from proxy and disable all ipv4 connections. Here is my directives just before http_access deny all line in default squid conf. dns_v4_first off acl to_ipv6 dst ipv6 http_access deny !to_ipv6 http_access allow to_ipv6 When I browse this site using proxy http://whatismyipv6.com This site has ipv6 AAAA record but thats is not routed when I check. Here is the log 1506526125.315 327 <publicIP> TCP_MISS/200 2486 GET http://www.whatismyipv6.com/ - HIER_DIRECT/216.64.158.90 text/html 1506526126.259 632 <publicIP> TCP_MISS/200 31738 GET http://www.whatismyipv6.com/World-IPv6-Day.jpg - HIER_DIRECT/216.64.158.90 image/jpeg The log shows that squid is able to browse the site which is explicitly denied by http_access directive.
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
